On 25/May/11 20:23, Dave CROCKER wrote:
On 5/25/2011 9:59 AM, John Levine wrote:
The idea is to anticipate any unknown signature breaker.
I'm pretty sure that's specifically out of scope.
And I promise that whatever you do, short of wrapping the whole
message in opaque armor, I can come up with something that will
break it.
One might have a goal of attempting to be robust against all forms of
potential breakage.
That's not likely to be the goal of this sort of exercise. Rather, it will
be to choose a set of particular types of breakage, ignoring others. For an
effort like that, it is not meaningful to come up with additional types of
breakage, since there is no attempt to cover such additional examples.
Of course, a signature cannot survive a deliberate attempt at breaking
it. However, earlier analysis considered man-in-the-middle attacks
like changing, e.g., "Amoeba yeast" into "Amo ebay east" [Bryan
Costales, Thu, 04 Aug 2005]. We don't know how likely such kinds of
attacks may be, since only tight canonicalizations were standardized.
By introducing a loose canonicalization we may learn whether signature
survivability affects DKIM adoption. If wider usage introduces
attacks, we can switch back to current canonicalizations --in case
downgrades will have gone away-- or design yet another one,
approaching just the tightness we need. My appeal is for not imposing
monotonicity to successive approximations, and allow erring on the
too-loose side as well.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
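
The trade-off discussed in this thread, as an added example that is not part of the original messages: the body hash is computed under the two body canonicalizations standardized in RFC 6376 (simple and relaxed) and under a whitespace-ignoring rule. `canon_loose` and the sample bodies are hypothetical, constructed for illustration; the thread does not define a loose canonicalization.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 section 3.4.3: only trailing empty lines are ignored."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4: drop trailing WSP on each line, collapse WSP
    runs to a single SP, then ignore empty lines at the end of the body."""
    lines = [re.sub(rb"[ \t]+", b" ", re.sub(rb"[ \t]+$", b"", line))
             for line in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(line + b"\r\n" for line in lines)

def canon_loose(body: bytes) -> bytes:
    """HYPOTHETICAL, not standardized: ignore all whitespace entirely."""
    return re.sub(rb"\s+", b"", body)

def body_hash(canon, body: bytes) -> str:
    """Value a signer would place in the bh= tag (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def survives(canon, signed: bytes, received: bytes) -> bool:
    """True if the received body still matches the signed body hash."""
    return body_hash(canon, signed) == body_hash(canon, received)

# Constructed sample bodies.
SIGNED = b"Amoeba yeast  culture\r\n"
REFLOWED = b"Amoeba yeast culture \r\n\r\n"   # benign whitespace changes in transit
ALTERED = b"Amo ebay east culture\r\n"        # word boundaries moved

def report() -> dict:
    """Map canonicalization name -> (survives reflow, accepts altered text)."""
    return {name: (survives(c, SIGNED, REFLOWED), survives(c, SIGNED, ALTERED))
            for name, c in (("simple", canon_simple),
                            ("relaxed", canon_relaxed),
                            ("loose", canon_loose))}

if __name__ == "__main__":
    for name, (reflow_ok, altered_ok) in report().items():
        print(f"{name:8} survives reflow: {reflow_ok!s:5}  accepts altered: {altered_ok}")
```

A verifier weighing a looser canonicalization can run both columns over its own mail samples: the first measures survivability gained, the second measures content changes that would no longer be detected.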